原文连接:http://www.kaijanmaki.net/2009/10/26/recovering-files-from-ecryptfs-encrypted-home/
稍微做了一点改动,如果按照原文的话,在ubuntu14.04上操作是不成功的,主要是.Private目录的路径问题
First you need to make sure ecryptfs-utils is installed:
$ sudo aptitude install ecryptfs-utils
Create a directory where the backup is opened:
$ cd /mnt $ sudo mkdir OldHome
Now, here’s the part that was missing from all the instructions. At least Ubuntu is using filename encryption to hide the real filenames. You need two keys for accessing: one for accessing the file content and one to decrypt the filenames to be meaningful. To get the key do:
$ sudo ecryptfs-add-passphrase --fnek Passphrase:
Enter the recovery passphrase: the long one you had to manually write down to a piece of paper when you installed the system. Then you should have a similar output as the following:
Inserted auth tok with sig [xxxxxxxxxxxxxxx] into the user session keyring Inserted auth tok with sig [yyyyyyyyyyyyyyyy] into the user session keyring
Now, write down the second signature [yyyyyyyyyyyyyyyy].
Now you are ready to decrypt the backup:
$ sudo mount -t ecryptfs /media/ubuntu/7a85582fc-.....-4adf70f59ab7/kevin/.Private OldHome/
Passphrase: Select cipher: 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded) 2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded) 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded) 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded) 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded) 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded) Selection [aes]: Select key bytes: 1) 16 2) 32 3) 24 Selection [16]: Enable plaintext passthrough (y/n) [n]: Enable filename encryption (y/n) [n]: y Filename Encryption Key (FNEK) Signature [xxxxxxxxxxxxxxx]: yyyyyyyyyyyyyyyy Attempting to mount with the following options: ecryptfs_unlink_sigs ecryptfs_fnek_sig=yyyyyyyyyyyyyyyy ecryptfs_key_bytes=16 ecryptfs_cipher=aes ecryptfs_sig=xxxxxxxxxxxxxxx WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt], it looks like you have never mounted with this key before. This could mean that you have typed your passphrase wrong. Would you like to proceed with the mount (yes/no)? : yes Would you like to append sig [df3c98e4c85db0c5] to [/root/.ecryptfs/sig-cache.txt] in order to avoid this warning in the future (yes/no)? : no Not adding sig to user sig cache file; continuing with mount. Mounted eCryptfs
Now you are able to access the decrypted backup in OldHome directory and you also have correct filenames.